Cross-Origin Resource Sharing (CORS) is a system that makes use of HTTP headers, letting a server point out the domain, schemes, or ports, besides its own that a browser may be permitted to load resources from. CORS is also reliant on a process that permits browsers to make a preliminary request to the server that is hosting the cross-origin resource so that it can check that the server will allow the request when it needs to. During that preliminary request, the browser sends headers indicating the applicable HTTP method to be utilized during the request itself.
Due to security considerations, browsers will curtail cross-origin HTTP requests that come from scripts. For instance, XMLHttpRequest and the Fetch API adhered to one origin policy. The result of this is that a web app that uses those APIs may only ask for resources from the origin that the application was loaded from except when the response from alternative origins comes with the correct CORS headers.
The CORS process allows secure cross-origin requests and data transfers to take place between servers and browsers. Contemporary browsers utilize CORS in APIs like XMLHttpRequest or Fetch so that they can minimize the security implications associated with cross-origin HTTP requests.